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[57] ABSTRACT 

In an electronic assembly, a first integrated circuit device 
(chip) is provided with a lock circuitry that controls opera- 
tional enablement of a functional block of the chip. To 
unlock the lock circuitry, a "chip-key" must be supplied to 
the chip. The chip is also provided with chip-key output 
circuit for outputting a chip key associated with one or more 
other chips of the electronic assembly; the chip-key output 
circuit may be part of the functional block controlled by the 
lock circuitry of the same chip. 

9 Claims, 4 Drawing Sheets 
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ELETRONIC ASSEMBLY WITH With such an arrangement an intruder having internal 

INTEGRATED CIRCUIT DEVICES physical access to an item of equipment cannot access the 

INCLUDING LOCK CIRCUITRY resources incorporating the controlled devices whilst an 

authorised user need only input a single password to unlock 
FIELD OF THE INVENTION 5 the functionality of all resources he/she is authorised to use. 

The present invention relates to an electronic assembly Tne principle of having one device enable another can 

with integrated circuit devices that include lock circuitry. also 06 used t0 ensure that only certain specific devices or 

device types are used together. Thus if a device receiving a 

BACKGROUND OF THE INVENTION chip key from another is not the intended mate to the device 
xr . . . . t ^ . . 10 outputting the chip key, then it can be arranged that the chip 

Various techniques are known for ensuring that only ke * is to cnable mc Reiving device 

autfionsed persons can gain operational access to a com- ^ ^ an appUcation. it is not in fact necessary for the 

outer. For example, a computer may offer password protec- device me chip key t0 await for its own functionality 

uon whereby upon power on of the computer or following t0 te enabled before it outputs the chip key to the ne£ 
activation of password protection (for example, when a user is device. 

temporarily goes away from the computer), a predetermined A * P , 

password must be entered before the operational capabalitics ^ 8 * ° nC ***** ***** mventl0n is 

of the computer are restored. Such a system may operate, for P^v™** 

example, by deactivating the keyboard controller until the BRIEF DESCRIPTION OF THE DRAWINGS 
correct password is input 20 

It is also known to adjust the computer resources available Electronic assemblies embodying the invention, will now 
to a user according to the user's authorisation level; this is described - b y wa y of non-limiting example, with refer- 
generally achieved by having the user identify hiraselrV ence to ^ accompanying <uagrammatic drawings, in which: 
herself to the computer with this identify being authenticated FIG. 1 is a block diagram of an integrated circuit device 
by subsequent input of a user- specific password. 25 showing a lock circuitry for controlling enablement of a 

In fact both the foregoing arrangements provide only functional block of the device; 

very limited protection for the computer resources in the FIG. 2 is a diagram illustrating various arrangements for 

situation where a person intending to gain unauthorised enabling different functional blocks provided in the same 

access (herein referred to as an intruder) has physical access integrated circuit device; 

to the inside of the computer. For example, in the case of 30 FIG. 3(a) is a diagram of a first embodiment of an 

password protection inhibiting the keyboard controller, it is integrated circuit device for use in the present invention* 

really only the keyboard that is disabled and an intruder with n G. 3(fr) is a diagram of a second embodiment of an 

internal physical access to the computer can readily bypass integrated circuit device for use in the present invention; 

the keyboard and use the other computer resources. The CTr ~, v . , . , 

same is true where access to certain resources is password 35 . ™ 3^ ™ * ***?*f of a . th 5 d embodiment of an 

protected as such protection is software implemented by the for u « m the present invention; 

computer's main processor and an intruder with internal FIG ' is 8 of a fourth embodiment of an 

physical access can. for example, readily access a suppos- integrated circuit device for use in the present invention; 

edly protected hard disc drive. FIG. 4(a) is a diagram of a first electronic assembly with 

One approach to dealing with mis problem has been to 40 m arrangement of integrated circuit devices of the FIG. 3(a) 

reduce the possibility of an intruder gaining internal physical fonn that scrves t0 u**Wt operation of functional blocks of 

access to the computer. For example, it is common to *** devices tf ^vicc is missing; 

provide physical locks on computer cases. More sophisti- FIG. 4(b) is a diagram of a second electronic assembly 

cated approaches are also known, though generally in the with a one-to-many arrangement of integrated circuit 

context of protecting highly sensitive data; thus, it is known 45 devices with the "one" device being of the FIG. 3(b) form; 

to provide tamper-proof enclosures for encryption/ FIG. 4(c) is a diagram of a third electronic assembly with 

decryption modules storing encryption/decryption keys, any a chain arrangement of integrated circuit devices with the 

attempt to open the module resulting in destruction of the device at the head of the chain being of the FIG. 3(b) form; 

keys. This latter approach to providing a defense against and 

internal physical tampering whilst effective is generally 30 FIG. 4(d) is a diagram of a fourth electronic assembly in 

very expensive and is not suitable for general application. whidl M integrated circuit device of the FIG. 3(d) form 

It is an object of the present invention to provide a general controls two futher integrated circuit devices, 
approach to protecting resources in electronic equipment 

that may be physically accessible to unauthorised users, but 55 BEST MODE OF CARRYING OUT THE 

which does not require the use of a special tamper-proof INVENTION 

enclosure. Before describing an enibodiment of an integrated circuit 

SUMMARY OF THE INVENTION ***** P 1 ™^ with chip-key output means for use in the 

present invention, an integrated circuit device will be 

In general terms, the present invention envisages control- 60 described, with reference to FIGS. 1 and 2, that has a 

ling the use of the functionality provided by a plurality of functional block controlled by lock circuitry. The integrated 

integrated circuit devices (for example, associated with circuit device of FIGS. 1 and 2 forms the subject mater of 

different resources) by requiring each of the devices to be our co-pending European Application filed the same date 

provided with a corresponding password ("chip key**) and and entitled Integrated Circuit Device with Function Usage 

arranging for this to be done by having a first one of the 65 Control** 

devices, once itself enabled by its chip key, initiate the The integrated circuit device 10 (hereinafter "chip") 

passing of the appropriate chip keys to the other devices. shown in diagrammatic form in FIG. 1 comprises lock 
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circuitry 11 controlling operational enablement of a func- 
tional block 12 (FIG. 1 is not intended to accurately repre- 
sent the relative chip areas occupied by the circuitry 11 and 
functional block 12). Functional block 12 may, for example, 
be a data compression engine for compressing/ 
decompressing externally supplied data, or part of a disk- 
drive controller. 

The functional block 12 is connected to external data, 
address and control lines 13. 14, 15 through external chip 
contacts ( not explicitly shown). The block 12 operates in 
standard manner with the exception that for its operation it 
needs to be supplied with a signal on line 16 coming from 
the lock circuitry 11. In the present example, the required 
signal on line 16 is an external clock signal delivered over 
control line 17 to a gating circuit 18 of the lock circuitry 11. 
When the gating circuit is fed with an enable signal on line 
19. the external clock signal is passed to the block 12 
enabling its operation; in the absence of an enable signal on 
line 19, the block 12 is internally non-operational. 

To unlock the lock circuitry 11 to enable block 12. a 
predetermined password (chip-key) must be supplied to the 
lock circuitry 11 from externally of the chip 10. Two 
particular measures are taken to ensure the confidentiality of 
this chip-key. First the chip-key is passed to the chip 10 in 
encrypted form, the encrypted chip-key being decrypted in 
the lock circuitry 11. To this end. the lock circuitry com- 
prises a secure communication block 20 that communicates 
with the outside world over serial input and output lines 21. 
22. The block 20 implements, for example, the well-known 
Diffie-Hellman Key Exchange algorithm (see. for example, 
"Network and Internetwork Security**. p342, William 
Stallings. Prentice Hall International, 1995); by operating 
this public key algorithm with one-time cryptographic keys, 
a chip-key can be passed to the chip 20 in a confidential 
manner that is proof against a replay attack. 

When the secure communications block 20 is fed with an 
encrypted chip-key, it decrypts the chip-key and temporarily 
outputs the chip-key as first intermediate value IV1. 

The second measure taken to ensure the confidentiality of 
the chip-key. is that a copy of the chip-key is not stored as 
such in chip 10 for comparison against the input chip-key. 
Instead, a signature of the correct chip-key for the chip 
concerned is stored in register 25 of the lock circuitry, this 
signature being a value formed by subjecting the clear form 
of the chip-key to a one-way function. This one-way func- 
tion is, for example, a one-way hash function such as 
effected the Secure Hash Algorithm SHA (see page 276 of 
the aforesaid reference "Network and Internetwork 
Security"). Were an intruder able gain access to register 25 
in a manner permitting its contents to be read, this would not 
compromise the chip-key as it would not be computationally 
feasible to determine the latter from its signature held in 
register 25. 

In order to ascertain whether an input chip-key is the 
correct one to unlock the particular chip 10 concerned, the 
lock circuitry further comprises a one-way function block 26 
mat subjects the chip-key output as IV 1 from block 20 to the 
one-way function (in this case, the SHA) used to form the 
chip-key signature held in register 25. The resultant inter- 
mediate value IV2 output by block 26 is then compared in 
comparison block 27 with the signature stored in register 25; 
if a match is found, the comparison block 27 outputs an 
enable signal on line 19 to cause operational enablement of 
the functional block 12. The comparison block latches the 
enable signal in the sense that once this signal is generated, 
it remains present notwithstanding removal of the correct 



4 

IV2 value, until the chip is dc -energised (or some other 
condition is achieved). 

The chip-key signature stored in register 25 may be set in 
permanently at the time of manufacture or. as in the present 

s example, written in subsequently (the register in this case 
being for example. Flash or EEPROM memory). To control 
this latter process, the chip 10 is provided with a write 
control circuit 28 interposed between the data lines 14 and 
the register 25. In order to write to the register 25. the 

10 required chip-key signature value is placed on the data lines 
14 and a write-enable signal is passed on line 29 to the write 
control circuit 28. Additionally, the write control circuit 28 
is arranged only to enable writing to the register 25 either if 
its contents are all zeroes (indicating that no chip-key 

15 signature has yet been written in) or if the lock circuitry is 
currently in its unlocked state (as indicated, for example, by 
the presence of a signal on line 30 from the comparison 
block 27). 

Once the required chip-key signature has been written to 
20 the register 25. further writing to the register could be 
prevented by providing a fusible link in the write control 
circuitry 28. the link being blown upon application of an 
appropriate external signal on line 31. 
Typically, the chip key in clear form may have a length of 
25 IK bits. 

Although in FIG. 1 the chip 10 is shown with only one 
functional block 12 controlled by the lock circuitry 11. a 
number of such blocks may be provided typically each with 
different functionality. Such an arrangement is shown in 
FIG. 2 for five functional blocks 12A to 12E. In this case a 
respective gating circuit 18 is associated with each func- 
tional block and the register 25 is replaced by a register 
block 35 storing signatures for a plurality of different 

35 chip-keys associated with particular ones of the functional 
blocks. In FIG. 2, these signatures are designated H(K1) to 
H(K6), corresponding to the hash of chip-keys Kl to K6 
respectively. When presented with an intermediate value 
IV2, the comparison block 27 now searches for a match 

40 amongst the signatures H(K1) to H(K6) stored in register 
block 35 and upon finding a match takes appropriate action 
in respect of the associated functional block. 

In the FIG. 2 example, for functional blocks 12A. 12B. 
12C a single respective signature H(K1), H(K2). H(K3) is 

4S stored in register block 35 and upon signal IV2 taking on a 
corresponding value, the comparison block 27 outputs an 
enable signal to the appropriate functional block. The func- 
tionality of the blocks 12A. 12B and 12C can thus be 
selectively enabled according to the input chip-key and this 

50 permits different functionality to be made available to dif- 
ferent users. 

The enablement of block 12D is more involved than for 
blocks 12A3,C. In this case, not only must signal IV2 take 
on the correct value corresponding to the stored signature 

55 H(K4) for block 12D, but block 12C must also have first 
been enabled. This is achieved by having the gating circuit 
18 associated with the block 12D only enable the latter upon 
receipt of enable signals both from the comparison block 27 
and from the block 12C, the latter only supplying such a 

6o signal when itself enabled. This general arrangement per- 
mits a hierarchical access scheme to be implemented by 
which each level has a corresponding chip-key and users can 
only enable functional blocks up to a level in the hierarchy 
for which they have the correct chip-keys. 

65 Enablement of functional block 12E requires the input of 
two encrypted chip-keys K5, K6 (possibly in direct 
succession), the register block 35 storing the corresponding 
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signatures H(K5), H(K6) of both chip-keys. In this case, the FIG. 4 shows four possible anangments of the FIG. 3 

comparison block 27 when identifying a match for a first one chips in an electronic assembly, these anangments being 

of the chip-keys, must remember this fact and await detec- merely illustrative of the wide range of possible arrange- 

tion of a match for the second one of the chip-keys before ments. 

outputting an enable signal to the gating circuit 18 associ- 5 In the FIG. 4(a) arrangement, three chips 10 of the FIG. 

ated with functional block 12E. 3(a) form each have their lock circuitry arranged to receive 

It will be appreciated that the different approaches ^ cni P kc y s o"*" 1 bv mc circuits of the other two chips, 

described above for enabling blocks 12A-C block 12D, and Thc lock circuitry 11 of each chip is such that it requires the 

block 12E can be used in any desired combination as chip kcys from mc other chi P s befarc il enables the associ- 
required. It will also be appreciated that the chip 10 can be w a f cd ft 111 ^ 011 ^ block & ^ such an arrangment, the 

provided with one or more functional blocks that are not absence of any one chip prevents the functional blocks of the 

sssA'SJasK? u - such blocks ~ttia£ttt&vsr 

hLZ 5? P T nt TT"\!?? l0Ck not *«id W be provided 3 a chip-key output 

circuitry, such as fee previously described lock circuitry 11. (though, of course, such functionality could tepre£nt).This 

and a functional block 12 controlled by the lock circuitry. arrangement provides a one-to-many enablement arrange- 

For clarity, in FIG. 3 (and also in FIG. 4) only the input meat 

wnne^ontothelockcir^tryllofeachcMplOhasbeen In the FIG. 4(c) arrangement a first chip of the FIG. 3(b) 
shown, this connection bong represented by a single line » form is arranged to output a chip key to enable the functional 

(generally, it will be two lines as shown in FIG. 1 as two-way block of a second chip also of the FIG. 3(6) form; this Utter 

communication is required for the secure communication chip is in turn arranged to output a chip key for enabling the 

process operated by the FIG. 1 lock circuitry). Again, for functional block of another chip. This arrangement provides 

danty each chip is shown as having only one main func- a chain of enablement that can be extended as required. 
^UockUcott^ 25 ThenG^^fonnctfchipcoddbeusedinp^ceofthe 

-^iffiS^ iB ^enTln^FIG ^ *l"JF t V 

* . w^wuj;. arrangements. In the FIG. 4(d) arrangement a chip of the 

Each embodiment shown in FIG, 3 includes a chip-key FIG. 3(d) form is used to independently enable two further 

output ciruit 40 which when enabled is operative to output chips in dependence on the receipt of the appropriate chip 
a chip key associated with another chip. This output may be 30 key by the lock circuitry of the FIG. 3(d) chip 

m*?^* f ™^^ Xt wm * appreciated that in the foregoing FIG. 4 

S£W"^ ra ' 1 lockcirontry) or may anangments, where different chip keys are to be^ssei to 

use a lower level of security, depending on application. different chips, this can be donlover the same cCmuni- 

FIG. 3(a) shows a first form of chip 10 for use in the 35 cation lines since passing a chip key to a chip for which it 

present invention, in which the chip-key output circuit 40 is is not intended simply means that me chip will fail to 

independent of the lock circuitry 11, being enabled imme- respond. Of course, appropriate measures would be needed 

diately upon energisation of die device and triggered to for sharing a common communication link, 

output its chip key by an external signal such as a reset In all of the FIG. 4 arrangements, the master or head chip 

Slg ~, . ^ ^ 40 ( me leftmost chip) may be supplied with a chip key over a 

FIG. 3(b) shows a second form of chip 10 for use in the communications link or from a local input device such as a 

present invention in which the chip-key output circuit 40 smart card reader 

fOT ™Jf u ( ™ aU) * «■* ft™*** block 12 it w m be appreciated that various modifications may be 

controUed by the lock circuitry 12. In this embodiment, upon made to the described embodiments of the present invention, 

me functional block 12 becoming enabled, the chip-key 45 For example, the lock circuitry may differ from that 

ounput circuit 40 outputs its chip key. described^ respect to FIG. 1 depending on the level of 

FIG. 3(c) shows a third form of chip 10 for use in the security required; in some applications, for example, it may 

present invention in which the chip-key output circuit 40 be acceptable simply to store the password in clear in the 

forms a functional block controUed by the lock circuitry 12 chip and even to omit the secure communications means. In 

separately from me main functional block of the chip; in this M fact for the arrangements shown in FIGS. 4(b) to 4(d). a 

case, the block 12 and circuit 40 may become enabled by the preferred option is to provide the head chip (the leftmost 

receipt of different chip keys by the lock circuitry. Upon the chip) with lock circuitry of the FIG. 1 form whilst using less 

chip-key output circuit 40 becoming enabled, it outputs its secure arrangements for the other chips. For the FIG. 4(a) 

kcv * arrangement, lock circuitry of a lower level of security than 

FIG. 3(d) shows a fourth form of chip 10 for use in the 55 offered by the Figure lock circuitry will generally be appro- 
present invention in which two chip-key output circuits 40 priate. The chip-key output means 40 has its security level 
are provided, each controlled as a functional block by the matched to that of the lock circuitry with which it interfaces, 
lock circuitry 12 such as to become enabled by the receipt I claim: 

of different chip keys by the lock circuitry. Upon either 1. An electronic assembly positioned within a computer 

chip-key output circuit 40 becoming enabled, it outputs its 60 case* said electronic assembly including a plurality of inte- 

chip key (the chip keys output by each circuit 40 will grated circuit devices, a first one of said devices comprising: 

genreally be different). a functional block for providing the devicewith a required 

It will be appreciated mat variants of the FIG. 3 chip functionality, 

forms are possible; for example, in FIG. 3(d) chip, more than lock circuitry for inhibiting operation of said functional 

two chip-key output circuits could be provided and each 65 block until the provision to the lock circuitry, from 

may form part of a block 12 possessing additional function- externally of the device, of at least one predetermined 

•Hty* chip key, and 
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chip key output means fox outputting a chip key associ- 
ated with another said device; 
and a second one of said devices being connected to receive 
the said chip key output by the said chip-key output means 
of said devices, said second one of said devices comprising: 5 
a functional block for providing said second one of said 

devices with a required functionality, and 
lock circuitry for inhibiting operation of said functional 
block of said second one of said devices until the 
provision to the lock circuitry of said chip key from 
said first one of said devices. 

2. An electronic assembly according to claim 1. wherein 
for said first one of said devices, said chip-key output means 
is independent of said lock circuitry. 

3. An electronic assembly according to claim 1, wherein 
for said first one of said devices, said functional block 
controlled by the lock circuitry comprises said chip-key 
output means. 

4. An electronic assembly according to claim 3, wherein 
said first one of said devices comprising at least two said 20 
functional blocks each comprising a respective said chip-key 
output means for outputting respective chip keys when the 
functional block ceases to be inhibited by said lock circuitry, 
there being at least two said second ones of said devices to 
which are passed respective ones of said chip keys output by 
the said first one of said devices. 

5. An electronic assembly according to claim 2. including 
a plurality of said second ones of said devices each con- 
nected to receive the chip key output by said first one of the ^ 
devices. 

6. An electronic assembly according to claim 3, wherein 
the said functional block of said second one of the devices 
includes chip-key output means for outputting a respective 
chip key when the functional block ceases to be inhibited by 
said lock circuitry, a third one of said devices being con- 
nected to receive the said chip key output by the said 
chip-key output means of said second one of said devices, 
and said third one of said devices comprising: 



a functional block for providing that device with a 

required functionality, and 
lock circuitry for inhibiting operation of said functional 

block of the same device until the provision to the lock 

circuitry of said chip key from said second one of said 

devices. 

7. An electronic assembly according to claim 1. wherein 
the lock circuitry of said first device comprises: 

storage means for storing at least one reference value. 

secure communication means for receiving an input from 
externally of the device and for subjecting that input to 
a decryption process to produce a first intermediate 
value, the nature of said decryption process being such 
that said first intermediate value corresponds to the 
clear form of a said chip key when said input is that key 
in encrypted form, 

means for receiving said first intermediate value and for 
performing a one-way function on it to produce a 
second intermediate value. 

comparison means for detecting a match between said 
second intermediate value and a said at least one 
reference value, and for producing a corresponding 
enable signal when at least one said match has been 
detected, and 

inhibit means for inhibiting operation of the or each said 
functional block until the corresponding said enable 
signal is produced. 

8. A device according to claim 1, wherein the said 
chip-key output means of said first device is such that the 
said chip key output thereby is output in encrypted form, the 
lock circuitry of the second device including means for 
decrypting the chip key on receipt 

9. An electronic assembly according to claim 3. including 
a plurality of said second ones of said devices, each con- 
nected to receive the chip key output by said one of the 
devices. 
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